SSO only without Integrated Windows Authentication

we are using the Servlet Negotiate Security Filter. We have the problem, that SSO works only with deactivated option of Integrated Windows Authentication in browser.

If the option is deactivated the browser identifies the site as local intranet. Log files in Tomcat display the correct output of Waffle.

If the option is activated, we get an error message from the browser (IE) "The page cannot be displayed" and the zone is "internet" instead of "intranet". Log files in Tomcat don't display any entries about these attempts.

We need to work with the activated option "Integrated Windows Authentication" in browsers. Do you have any idea, what our problem could be and how we can deal with it? Thank you very much.

Is this happening on a default setup for several of your client machines?

I think this is all a client-side problem. The server krex3652 is not properly identified as an intranet server in IE when this option is enabled. I would start by resetting the client security settings and then simply re-adding krex3652 to the trusted
sites.